Which of the following is the MOST important reason for performing a cost-benefit analysis when implementing a security control?
A . To present a realistic information security budget
B . To ensure that benefits are aligned with business strategies
C . To ensure that the mitigation effort does not exceed the asset value
D . To justify information security program activities
Answer: B